National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Google Chrome v24 Windows STIG Version 1, Release 1 Checklist Details (Checklist Revisions)

Checklist Highlights

Checklist Name:
Google Chrome v24 Windows STIG
Checklist ID:
466
Version:
Version 1, Release 1
Type:
Compliance
Review Status:
Archived
Authority:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:
01/27/2017

Checklist Summary:

The requirements and recommendations set forth in this document will assist IAOs and Information Assurance Managers (IAMs) in protecting web browser applications in DoD locations hereafter referred to as sites. The responsible Configuration Control Board (CCB) will approve revisions to site systems that could have a security impact. Therefore, before implementing web browser application security measures, the IAO will submit a change notice to the CCB for review and approval. Although there are a few different operating system platforms for desktop environments, this document addresses Google Chrome v24 running on Microsoft Windows platforms only. This document does not include specific guidance for UNIX, Linux, or Apple desktop environments at this time.

Checklist Role:

  • Web Browser

Known Issues:

Not provided.

Target Audience:

The requirements and recommendations set forth in this document will assist IAOs and Information Assurance Managers (IAMs) in protecting web browser applications in DoD locations hereafter referred to as sites. The responsible Configuration Control Board (CCB) will approve revisions to site systems that could have a security impact. Therefore, before implementing web browser application security measures, the IAO will submit a change notice to the CCB for review and approval.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

This document is based on Google Chrome v24 installation within the Windows family of operating system. This document, and associated STIG, has set forth requirements based upon having a secured Windows environment as described in various other documents. The superset of these requirements can be found in the appropriate Windows STIG, which is also available from the IASE web site. Failure to follow these requirements can significantly diminish the value of many of the specifications in this document. Security controls that are managed through the underlying operating system platform directly affect the strength of the security that surrounds desktop applications. To conduct a manual review of compliance with the Chrome 24 STIG requirements, it is necessary to use some tools provided with the Windows operating system. Some of these tools are as follows: - Microsoft Management Console - Security Configuration and Analysis Snap-in - Registry Editor The Group Policy Object Editor (GPO) is a system configuration tool used in Windows. The GPO snap-in is used to determine the composite effect of Computer and User configuration policies, such as System and Security Options. The Google Chrome policy templates are not installed by default. They may be obtained at http://www.chromium.org/administrators/policy-templates It must be noted that the guidelines specified should be evaluated in a local, representative test environment before implementation within large user populations. The extensive variety of environments makes it impossible to test these guidelines for all potential software configurations. For some environments, failure to test before implementation may lead to a loss of required functionality.

Regulatory Compliance:

DoD Directive 8500.1

Comments/Warnings/Miscellaneous:

Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Disclaimer:

Not provided.

Product Support:

Not provided.

Point of Contact:

Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Sponsor:

Not provided.

Licensing:

Not provided.

Change History:

Version 1, Release 1 - 6 November 2013
Version 1, Release 1 - 1 July 2013
Updated resource - 01/27/2017
Updated to FINAL - 03/08/2017
Updated URL to reflect change to the DISA website - http --> https
moved to archive status - 4/15/19

Dependency/Requirements:

URL Description
https://iase.disa.mil/stigs/Documents/u_google_chrome_v24_stig_memo.pdf Google Chrome v24 Windows STIG Release Memo

References:

Reference URL Description

NIST checklist record last modified on 04/15/2019